- By Rutrell Yasin
- Jun 09, 2003
How easy is it to sniff out wireless networks with the intent to break in?
Very easy, if you have the right antennae hooked to your laptop and you have freeware network-sniffer software such as NetStumbler. That is what the security director of Guardent Inc., a Waltham, Mass.-based managed security service provider, used last week during a "war drive" through the business district and Capitol Hill area of Washington, D.C.
Riding in a Humvee with the company's name printed on each side, Todd Waskelis demonstrated how a person using radio frequency scanning could detect wireless access points. During a half-hour drive that covered about eight miles, he picked up 236 wireless access points including government, business and personal wireless local-area networks (WLANs).
More than half of those access points — 135 — didn't have Web-enabled encryption to protect data sent over the WLANs. The NetStumbler software listed the network's message authentication code address and whether data is encrypted, the name of the network if the company or agency chose to broadcast it, the radio channel it is located on, and the type of access point device being used.
The nonencrypted WLANs represent low-hanging fruit for hackers or intruders, Waskelis said. He added that the nonencrypted networks could have other security features to block access, but intruders can use "access points to get to the Internet." And by using someone else's IP address, a person can hide his or her identity.
"War walking" or "war driving," the process of moving around a city looking for access points in order to penetrate WLANs, is becoming more prevalent, according to industry experts. Another common occurrence is "war chalking," when intruders mark the spot where wireless access points can be picked up, said Mike Disabato, a senior analyst with the Burton Group, an information technology consulting firm.
"Most [intruders] are looking for free Internet access, which is an illegal use of your services," Disabato said. But others may want to steal data, he added.
Wireless war drive stats
A "war drive" through downtown Washington, D.C., detected the following:
* 236 wireless access points.
* 135 unencrypted wireless LANs.
* 8 peer-to-peer connections.
* 11 unnamed networks.